user = nobody # Run with the permissions of this user
group = nogroup # Run with the permissions of this group
listen = * # Listen on these addresses ('*' for all)
no-listen = # Do not listen on these addresses

# CACHE OPTIONS

zone-cache-size = 2048 # Maximum number of elements stored in the zone cache
zone-cache-expire = 60 # Number of seconds after which cached zones expires
reply-cache-size = 2048 # Maximum number of elements stored in the reply cache
reply-cache-expire = 30 # Number of seconds after which cached replies expire

REFUSED
The query was refused due to server policy. This usually happens because
the client attempted to AXFR a zone that they were not allowed to transfer,
or because the client requested a name within a zone for which the server
is not authoritative.
11. If the previous ﬁeld was anything but NOERROR, this is a human-readable reason why
the query failed, with any space characters in the string converted into underscore (‘_’)
characters. If the previous ﬁeld was NOERROR, this ﬁeld contains a dash (‘-’).
12. The number of resource records included in the question section of the reply.
13. The number of resource records included in the answer section of the reply.
14. The number of resource records included in the authority section of the reply.
15. The number of resource records included in the additional section of the reply.
16. The word LOG.
17. The character ‘Y’ if this was a cached reply, ‘N’ if it was not.
18. The opcode for this query – ‘QUERY’ or ‘UPDATE’.
19. If the previous ﬁeld was ‘UPDATE’, this is a description of the update performed, enclosed
in quotation marks. For example, this ﬁeld might contain ‘"test-a.example.com.
3600 IN A 0 1.2.3.4"’, indicating that for the zone speciﬁed, an A record was created
for test-a.example.com. with the value 1.2.3.4.

I had this same problem and figured it out with switching to mydns-ng. I had considered switching to mydns-ng until I found out that it's still in development and there has yet to be a "stable" release. In it's current state, mydns-ng is not suitable for use on our production servers.

In post #8, you posted the check_xfer function from axfr.c. That function contains the following query:

The problem is that the query is looking for "active=1" in the dns_soa table. However, in ISPConfig 3.0.1.1 (and probably the SVN, as well), the "active" field in the dns_soa table is type "enum('N', 'Y')", so that query will always fail.

If you wish to keep mydns, there are two solutions. Either:

1) Change that query in axfr.c to check for "active='Y'" instead of "active=1" and recompile mydns.

2) Alter the "active" field in the dns_soa table to type "int" or "tinyint" and change lines 178-179 of "/usr/local/ispconfig/interface/web/dns/form/dns_soa.tform.php" to the following:

Code:

'default' => '1',
'value' => array(0, 1)

and change lines 92-94 of "/usr/local/ispconfig/interface/lib/classes/listform_actions.inc.php" to the following: